VYPR

apk package

chainguard/in-toto

pkg:apk/chainguard/in-toto

Vulnerabilities (3)

  • CVE-2026-39892CriApr 8, 2026
    affected < 3.1.0-r0fixed 3.1.0-r0

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulner

  • CVE-2026-34073MedMar 31, 2026
    affected < 3.0.0-r3fixed 3.0.0-r3

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently

  • CVE-2026-26007Feb 10, 2026
    affected < 3.0.0-r3fixed 3.0.0-r3

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke